Solved: Re: Splunk 4.1.6 - skipped indexing of internal au...

inquen · ‎07-07-2011

How would I resolve an issue like this? There appears to be ample disk space on the server hosting the Splunk installation.

jbsplunk · ‎07-07-2011

It probably means something is going on with the queues sending data through Splunk. I would check metrics.log for messages that show 'blocked=true'. Disk space could be part of the reason you'd run into this issue, but its sort of a generic 'things aren't healthy' message.

View solution in original post

k_harini · ‎05-25-2017

How was this resolved? Please help

rachelneal · ‎01-19-2012

I am having the exact same problem and have ample disk space as well. I do find a lot of "blocked=true" in the metrics log but not sure how to remedy. what ended up working?

chicodeme · ‎10-20-2011

What did it end up being?

jbsplunk · ‎07-07-2011

It probably means something is going on with the queues sending data through Splunk. I would check metrics.log for messages that show 'blocked=true'. Disk space could be part of the reason you'd run into this issue, but its sort of a generic 'things aren't healthy' message.

Splunk 4.1.6 - skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM